The Office of Personnel Management says victims of a massive data breach include current and former federal employees whose records were sent by their organizations to OPM for future retirement processing.
The agency updated the Frequently Asked Questions section of its website Thursday with a few more details about the files hackers accessed. OPM previously stated that the breach affected 4 million current and former federal employees. It now says that estimate includes employees of any branch of the government whose organizations sent records to OPM for retirement purposes, regardless of whether the employee’s full personnel file is stored on OPM’s network.
“These records include service history records (such as the SF 2806), court orders, and other records and information that pertain to annuity calculations,” OPM said on the website.
Those records include sensitive information such as names, Social Security numbers and birth dates. They may also contain an employee’s job assignments, training records and benefit selections, OPM says.
OPM maintains personnel records for most, but not all, civilian agencies. Other federal organizations may submit an employee’s service-history documentation to OPM on certain occasions, the agency warned. Those include when an employee transfers from one agency to another, leaves an agency, or when the agency changes its payroll service center.
OPM said it believes active military personnel were not affected, although current and former Defense Department civilian employees were. It cautioned that it is still investigating the incidents, and new information might cause it to revise those statements.
In comparison to the details shared about this data breach, OPM has said little about a more recently announced breach reported to put 14 million people at risk.
Investigators discovered that breach in the course of investigating the first attack. The larger breach compromised security-clearance holders and applicants’ records. OPM said it is still determining the scope of that intrusion. It expects to notify victims at some point, it said.
“The investigation is still ongoing, and we will notify affected individuals as soon as is practicable. As with any such event, it takes time to conduct a thorough investigation and to identify the affected individuals,” it said.
OPM has tried to reassure those going through background investigations now that their data is secure. It still is processing those files. It said it is working closely with the White House, Homeland Security Department and others to safeguard that data.